
What are the guidelines for creation of secure passwords?

What are the best practices to create secure passwords? I would like to make them tougher to crack with brute force tools.

Asked by: Guest | Views: 284
Total answers/comments: 5
Guest [Entry]

On Unix systems, PAM, or Pluggable Authentication Module, is a nice administrative tool that comes with a crack library that you can test passwords against.

After doing some recent security work, I know that Government standards usually have these guidelines when it comes to a password:

Minimum Length of 14 characters
At least 2 special characters
At least 2 lower case characters
At least 2 upper case characters
At least 2 digits
Must be changed every 60 days
No dictionary words or usernames

Common sense suggests you shouldn't put the 2 numbers and special characters at the beginning or end, but interspersed. Working on these guidelines brought up the question of whether having such complex passwords was really worth it. With passwords so complex, it seems that they have a higher probability of being stored as plain text somewhere by the user or written down somewhere.

In personal use, I typically go less stringent than those guidelines, but definitely no dictionary words or L33t speak.
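
The guideline list in the answer above, written as a checker. This is an added example, not code from the answer or from PAM's crack library; the function names, the sample word list and the sample passwords are constructed. The 60-day change rule is an account-aging setting, so it is not checked here.

```python
import string

MIN_LENGTH = 14      # "Minimum Length of 14 characters"
MIN_PER_CLASS = 2    # "At least 2" of each character class
EDGE_CHARS = string.digits + string.punctuation
# Constructed sample list; a real check would load a full cracking dictionary.
SAMPLE_DICTIONARY = {"password", "dragon", "monkey", "letmein", "welcome"}


def class_counts(password):
    """Count ASCII characters in each of the four classes the list names."""
    return {
        "lower-case": sum(c in string.ascii_lowercase for c in password),
        "upper-case": sum(c in string.ascii_uppercase for c in password),
        "digit": sum(c in string.digits for c in password),
        "special": sum(c in string.punctuation for c in password),
    }


def check_password(password, username, dictionary=SAMPLE_DICTIONARY):
    """Return the guideline violations found; an empty list means it passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    for name, count in class_counts(password).items():
        if count < MIN_PER_CLASS:
            problems.append(f"fewer than {MIN_PER_CLASS} {name} characters")

    folded = password.casefold()
    if username and username.casefold() in folded:
        problems.append("contains the username")
    hits = sorted(w for w in dictionary if w.casefold() in folded)
    if hits:
        problems.append("contains dictionary word(s): " + ", ".join(hits))

    # "Interspersed" advice: after trimming digits and specials from both
    # ends, at least one digit or special must remain in the interior.
    interior = password.strip(EDGE_CHARS)
    if not any(c in EDGE_CHARS for c in interior):
        problems.append("digits and specials sit only at the start or end")
    return problems


if __name__ == "__main__":
    # Constructed sample passwords, not real credentials.
    for candidate in ("Tr7e#hq9Lm!xZwpa", "Password12!!", "alice#Xk92Lq$Rtmv"):
        print(candidate, "->", check_password(candidate, "alice") or "OK")
```
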
Guest [Entry]

grc.com has a nice page where you can get strong passwords.
Guest [Entry]

The discussion at Diceware is an interesting read.

For creating high value passwords and passphrases, the technique of a dictionary like Diceware's and a good randomizer such as a handful of dice is a pretty good choice.

Personally, I use PasswordSafe locked by a strong passphrase generated by the Diceware technique. I let PasswordSafe generate every other password I need, and generally have no idea what they might be after a few minutes have passed. I have copies of the safe file on several systems, so I'm not too worried about all the eggs being in one basket. The big advantage is that I never knowingly use the same password for two purposes.

For personal use, I do recommend storing a legible copy of the safe's passphrase in a secure location where it could be found by your heirs...
Guest [Entry]

This site outlines the guidelines well, and will allow you to test its security. I think coming up with your own will be more memorable than a generated one as well.
Guest [Entry]

The SecurityStats site has a page where you can try your password fu.
It gives you guidelines on better passwords too.

Microsoft also has a similar Password checker page
Another similar Password Meter
Google support suggestions -- Choosing a password and security question

However, I have never liked the security question angle.

Good read on the Google Enterprise Blog on password security tracking,
You could maintain an account for yourself where you check the strengths of your passwords.

because the Google Account authentication system continuously sees new variations of password attacks from around the world, we can assess password strength in real-time and help administrators spot passwords that were relatively secure in the past that are more vulnerable to the latest patterns of attacks